Connecting Technology and Business.

Microsoft has
announced that Microsoft Azure has obtained the ISO/IEC 27017:2015 certification, an
international standard that aligns with and complements the ISO/IEC 27002:2013 with
an emphasis on cloud-specific threats and risks.

This
certification provides guidance on 37 controls in ISO/IEC 27002 and features
seven new controls not addressed in ISO/IEC 27002. Both cloud service providers
and cloud service customers can leverage this guidance to effectively design
and implement cloud computing information security controls. Customers can
download the ISO/IEC 27017 certificate which demonstrates Microsoft’s continuous
commitment to providing a secure and compliant cloud environment for its
customers.

Microsoft Azure
helps customers meet their compliance requirements across a broad range of regulated
industries and markets including financial services, healthcare, life sciences,
media and entertainment, worldwide public sector, and US federal, state and
local government.

Microsoft wants to ensure that its Office 365customers have
access to the information that is relevant for them to perform a risk assessment
on Office 365 services—on demand. Access to this information should be
seamless.

To achieve these goals, they have released
the Service Assurance Dashboard as part of the Office 365 Security and
Compliance Center, which provides you immediate access to:

Details on
how Office 365 implements security, privacy and compliance controls including
details of how third-party independent auditors perform audits to test these
controls.

Information
on how you can leverage Office 365 security controls and configurations to
protect your data.

While there are many detailed insights
provided through Service Assurance, initial customer feedback indicates that
Audited Controls are particularly helpful. The Audited Controls feature in
Service Assurance helps you to understand how Office 365 protects customers' data by
detailing:

Test
status—Status of the Office 365 controls.

Control
implementation details—Explanation of how Office 365 implements a control.

Testing
performed to evaluate control effectiveness—How independent auditors test the
effectiveness of our security, compliance and privacy controls.

Azure Backup is a service that customers can use to
back up and restore their data in the Microsoft cloud. It replaces the existing
on-premises or off-site backup solution with a cloud-based solution that is
reliable, secure, and cost-competitive. It also helps protect assets that run
in the cloud. Azure Backup provides recovery services built on a world-class
infrastructure that is scalable, durable, and highly available.

Why use Azure Backup?

Traditional backup solutions have evolved
to treat the cloud as an endpoint similar to disks or tape. While this approach
is simple, it is also limited. It does not take full advantage of an underlying
cloud platform and translates to an inefficient, expensive solution. In
contrast, Azure Backup delivers all the advantages of a powerful and affordable
cloud backup solution.

Take advantage of high availability guarantees without the overhead of
maintenance and monitoring. Azure Backup uses the underlying power and scale
of the Azure cloud, with its nonintrusive auto-scaling capabilities.

Multiple storage options

Choose your backup storage based on need:

·A locally redundant storage block blob is ideal for price-conscious
customers, and it still helps protect data against local hardware failures.

·A geo-replication storage block blob provides three more copies in a
paired datacentre. These extra copies help ensure that your backup data is
highly available even if an Azure site-level disaster occurs.

Unlimited data transfer

There is no charge for any egress (outbound) data transfer during a
restore operation from the Backup vault. Data inbound to Azure is also free.
Works with the import service where it is available.

Data encryption

Data
encryption allows for secure transmission and storage of customer data in the
public cloud. The encryption passphrase is stored at the source, and it is
never transmitted or stored in Azure. The encryption key is required to
restore any of the data, and only the customer has full access to the data in the
service.

Application-consistent backup

Application-consistent backups on Windows help ensure that fixes are
not needed at the time of restore, which reduces the recovery time objective.
This allows customers to return to a running state more quickly.

Long-term retention

Rather than pay for off-site tape backup solutions, customers can back
up to Azure, which provides a compelling tape-like solution at a low cost.

Organizations own the data they keep in the
cloud and they need to know how it is being handled at all times.

Microsoft is the industry leader in cloud
compliance for enterprise customers. With the Office 365 E5 plan, advanced
compliance is integrated into the service, so organizations can meet their
unique requirements using a single cloud service.

Microsoft recognizes that organizations want
control over access to content stored in cloud services. To maximize data
security and privacy for Office 365 customers, Microsoft has engineered the
service to require nearly zero interaction with customer content by Microsoft
employees. Access is obtained through a rigorous access control technology
called Customer Lockbox for Office 365, which helps enterprises meet compliance
obligations for explicit data access authorization. In the rare instance when a
Microsoft service engineer needs access to enterprise data, access control is
extended to you so that you grant final approval for access. Actions taken are
logged and accessible to you so that they can be audited.